hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-23 15:55:18 +02:00
Code Issues Packages Projects Releases Wiki Activity
79,304 Commits 1,742 Branches 165 Tags
cf015d18f116dae4e631ffdda4e9f67daba28ac0
Commit Graph

154 Commits

Author SHA1 Message Date
Brandon Stewart
f241498cab correct additional pascalcase issue 2023-07-26 17:55:56 +00:00
Brandon Stewart
1a83554b0c correct typo 2023-07-26 17:54:42 +00:00
Brandon Stewart
346a2f269e Update UnsafeHmacComparison.ql 2023-07-26 13:48:42 -04:00
Brandon Stewart
42adbe0cd4 address linter 2023-07-26 17:43:34 +00:00
Brandon Stewart
adddc58b61 address linter 2023-07-26 17:38:06 +00:00
Brandon Stewart
494e7d9a3f add unsafe HMAC comparison query and qlhelp file 2023-07-26 17:28:22 +00:00
Alex Ford
d89c10dd85 Merge pull request #13130 from maikypedia/maikypedia/xpath-injection 
Ruby :  XPath Injection Query (CWE-643)
 2023-07-14 14:10:09 +01:00
Alex Ford
dbb55ff2b4 Ruby: fix xpathinjection deprecation warnings 2023-07-14 12:45:27 +01:00
Alex Ford
a524735236 Merge branch 'main' into maikypedia/ldap-injection 2023-07-14 12:05:17 +01:00
Maiky
119a32fe0e fix naming error 2023-07-12 23:54:58 +02:00
Maiky
c255f8717d Change hasFlowPath to flowPath 
Co-authored-by: Alex Ford <alexrford@users.noreply.github.com>
 2023-07-11 19:20:54 +02:00
Maiky
a3c58c66e9 Using DataFlow::ConfigSig instead of TaintTracking::Configuration 2023-07-06 03:14:49 +02:00
amammad
37af588492 update CVE instance in qhelp 2023-06-26 21:16:16 +10:00
amammad
9540c58c4a make one ql file 2023-06-26 20:55:11 +10:00
amammad
9e33b47cbd added more additional steps 2023-06-26 17:46:22 +10:00
amammad
e2fe0e11f0 fix formatting error/warnings 2023-06-26 17:14:46 +10:00
amammad
796075f9dc V1 Bombs 2023-06-25 00:59:21 +10:00
Tony Torralba
8f6d2ed2f9 Adjust ZipSlip query description according to review suggestions. 2023-06-19 10:27:41 +02:00
Tony Torralba
3c4d938cf1 Apply code review suggestions. 
Co-authored-by: Asger F <asgerf@github.com>
 2023-06-19 10:20:19 +02:00
Tony Torralba
3e96fe60c5 Go/Java/JS/Python/Ruby: Update the description and qhelp of the ZipSlip query 
All filesystem operations, not just writes, with paths built from untrusted archive entry names are dangerous
 2023-06-16 08:52:44 +02:00
Maiky
e5fe5403b7 Apply requested changes 2023-06-14 22:55:14 +02:00
Maiky
62353122c0 Add Improper LDAP Authentication query (CWE-287) 2023-05-29 21:16:13 +02:00
Maiky
2d8318dc02 remove unnecessary imports and edit .qhelp 2023-05-28 17:40:31 +02:00
Maiky
9ab6eabd15 add filterTaintStep, qhelp file and test files 2023-05-26 18:13:58 +02:00
Arthur Baars
e0466900ad Merge pull request #12992 from Sim4n6/ruby-UBV 
[Ruby] Add Unicode Bypass Validation query, test and help file
 2023-05-26 13:00:21 +02:00
Maiky
026d94c457 Add LDAP Injection query (incomplete) 2023-05-25 22:51:25 +02:00
Sim4n6
09c97ce0da Added one more example to the qhelp 2023-05-25 09:41:22 +01:00
Sim4n6
0a0a6dde40 Replaced CGI.escapeHTML() with the html_escape() 2023-05-20 17:59:39 +01:00
Sim4n6
f5ff50880c Updated qhelp for the use of html_escape() 2023-05-20 17:58:24 +01:00
Sim4n6
e345d7dca4 Update ruby/ql/src/experimental/cwe-176/examples/unicode_normalization.rb 
Co-authored-by: Arthur Baars <aibaars@github.com>
 2023-05-20 12:54:03 +01:00
Sim4n6
7cd1fd4bbf CWE-179 and CWE-180 are included in metadata 2023-05-20 12:51:45 +01:00
Sim4n6
c9c7179a0b Deleted the ugly flowchart. 2023-05-20 12:49:46 +01:00
Sim4n6
c3c65ca712 Qhelp formatting 2023-05-20 12:48:26 +01:00
Sim4n6
8dcf139b45 Update ruby/ql/src/experimental/cwe-176/UnicodeBypassValidation.qhelp 
Co-authored-by: Arthur Baars <aibaars@github.com>
 2023-05-20 12:46:54 +01:00
Maiky
071a77cedc Ruby : XPath Injection Query (CWE-643) 2023-05-11 15:29:54 +02:00
Sim4n6
019b85beb6 Add Unicode Bypass Validation query, test and help file 2023-05-02 15:36:39 +01:00
Maiky
64cf3adfd4 Update examples 2023-04-13 17:29:14 +02:00
Alex Ford
76ed56d2b6 Ruby: typo 2023-03-17 11:40:59 +00:00
Alex Ford
ee6288173f Ruby: remove extra opening p tag 2023-03-17 11:38:49 +00:00
Alex Ford
60f313863a Merge branch 'main' into maikypedia/ruby-ssti 2023-03-17 11:31:49 +00:00
Tom Hvitved
1d0b3d4112 Ruby: Ssa::WriteDefinition::getWriteAccess should return a CFG node 2023-03-16 11:28:24 +01:00
Maiky
5a9a90d00b Move query to experimental 2023-03-08 11:50:04 +01:00
gregxsunday
34b441c3cc move query to experimental folder 2023-02-23 12:12:04 +00:00
turbo
4ec401a3f6 Tag all security queries in supported languages' experimental directories with an experimental tag 2022-12-14 17:15:50 +01:00
Asger F
b4b34cc994 Ruby: port part of ActionController model 2022-10-31 13:33:41 +01:00
Josh Soref
8078f91b28 spelling: mapping 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-13 10:56:41 -04:00
Tom Hvitved
a9f2e5272f Merge pull request #10376 from hvitved/ruby/no-ast-by-default 
Ruby: Do not expose AST layer through `ruby.qll`
 2022-09-21 13:15:30 +02:00
Tom Hvitved
007ab2b7ce Ruby: Do not expose AST layer through ruby.qll 2022-09-13 19:59:56 +02:00
erik-krogh
063c76b6d1 apply suggestions from review 2022-09-13 10:52:23 +02:00
Harry Maclean
cb3ebeedf9 Merge pull request #9696 from thiggy1342/experimental-strong-params 
RB: Experimental strong params query
 2022-07-25 12:08:55 +12:00